94 Chapter 3 Using certificatesNN46110-600Identifying branch offices with certificatesYou use the Authentication section of the Profiles > Branch Office > EditConnection window to configure the authentication between the local and remotebranch office VPN Routers. The fields that appear in this window depend onwhether you are using an IPsec, PPTP, or L2TP tunnel type.Select the authentication method that you want to use for the branch officeconnection from the list.IPsec authenticationIn the Authentication section, complete the following information:1 Enter the pre-shared key as a text or hex string. This is an alphanumeric textor hexadecimal string used for authentication between the local and remotebranches. For authentication to occur, you must use the same pre-shared stringon both the local and remote branch offices.2 Certificates are associated with each endpoint VPN Router and allow formutual authentication between two connections. The Certificate sectionincludes information about the remote branch office system, the authority thatissued the certificate, and the certificate identification.3 Remote Identity is the name of the remote peer initiating the tunnelconnection. You can use either a subject distinguished name (subject DN) or asubject alternative name to uniquely identify the remote branch office system.Specifying both a full subject DN and a subject alternative name on thiswindow allows the remote peer to use either identity form when making aconnection.4 Select a valid issuer CA from the certificate authority list. This CA is theissuer of the remote peer’s certificate or a higher-level CA in the remote peer’scertificate hierarchy. The CA must have the trusted flag set on the Certificateswindow. If a CA hierarchy is used, you must import all intermediary CAsbelow the trusted CA to the VPN Router. These certificate authorities areNote: When you change the authentication type, the windowimmediately changes to reflect the requirements of the newauthentication method. Any changes that you made on theAuthentication part of the previous window are lost.